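% Oren, Kirschbaum, Popp, Wool (CHES 2010): Tolerant Algebraic Side-Channel Analysis (TASCA).
% Security relevance, per the abstract below: single-trace key recovery is reported against
% Keeloq and AES at measurement error rates of 10--20 percent, so noise at that level should
% not be relied on as the only protection against single-trace power analysis.
% Cleanup relative to the exported record: entry type is inproceedings rather than inbook
% (workshop paper with a booktitle), the page range uses an en dash, the publisher city is
% in its own address field, and the title no longer carries a trailing period.
@inproceedings{IOPORT.05771685,
  author     = {Oren, Yossef and Kirschbaum, Mario and Popp, Thomas and Wool, Avishai},
  title      = {Algebraic Side-Channel Analysis in the Presence of Errors},
  booktitle  = {Cryptographic Hardware and Embedded Systems -- {CHES} 2010. 12th International Workshop, {Santa Barbara}, {USA}, {August} 17--20, 2010. Proceedings},
  pages      = {428--442},
  publisher  = {Springer},
  address    = {Berlin},
  year       = {2010},
  isbn       = {978-3-642-15030-2},
  doi        = {10.1007/978-3-642-15031-9_29},
  identifier = {05771685},
  abstract   = {Summary: Measurement errors make power analysis attacks difficult to mount when only a single power trace is available: the statistical methods that make DPA attacks so successful are not applicable since they require many (typically thousands) of traces. Recently it was suggested by [18] to use algebraic methods for the single-trace scenario, converting the key recovery problem into a Boolean satisfiability (SAT) problem, then using a SAT solver. However, this approach is extremely sensitive to noise (allowing an error rate of well under 1\% at most), and the question of its practicality remained open. In this work we show how a single-trace side-channel analysis problem can be transformed into a pseudo-Boolean optimization (PBOPT) problem, which takes errors into consideration. The PBOPT instance can then be solved using a suitable optimization problem solver. The PBOPT syntax provides for a more expressive input specification which allows a very natural representation of measurement errors. Most importantly, we show that using our approach we are able to mount successful and efficient single-trace attacks even in the presence of realistic error rates of 10\%--20\%. We call our new attack methodology Tolerant Algebraic Side-Channel Analysis (TASCA). We show practical attacks on two real ciphers: Keeloq and AES.},
}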